
CVE-2024-52308 - Fleet not detecting GitHub / gh CLI CVE #24009

Open
nonpunctual opened this issue Nov 21, 2024 · 3 comments
Assignees
Labels
bug Something isn't working as documented customer-stazzema #g-endpoint-ops Endpoint ops product group :incoming New issue in triage process. :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release.

Comments

@nonpunctual
Contributor

Fleet version:
Fleet 4.58.0 • Go go1.23.1

Web browser and operating system:
N/A

💥  Actual behavior

CVE-2024-52308 - GHSA-p2h2-3vg9-4p87

This CVE affects the GitHub CLI; the binary name is gh.

FleetDM seems not able to detect it, probably because the CPE cpe:2.3:a:github:cli:*:*:*:*:*:*:*:* calls the app cli and not gh?

GitHub calls it gh in their documentation.

🧑‍💻  Steps to reproduce

Look for CVE-2024-52308 in Fleet vulnerability data.

N/A

@nonpunctual nonpunctual added bug Something isn't working as documented :reproduce Involves documenting reproduction steps in the issue :incoming New issue in triage process. customer-stazzema #g-endpoint-ops Endpoint ops product group labels Nov 21, 2024
@nonpunctual
Contributor Author

Do we have queries we use for testing that parse CPEs that we can share? Thanks.

@sharon-fdm sharon-fdm added the :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. label Nov 22, 2024
@ksykulev ksykulev self-assigned this Nov 22, 2024
@lukeheath lukeheath added ~released bug This bug was found in a stable release. and removed :reproduce Involves documenting reproduction steps in the issue labels Nov 22, 2024
@ksykulev
Contributor

@nonpunctual This looks like some code that parses CPEs: https://github.com/fleetdm/fleet/blob/main/server/vulnerabilities/nvd/tools/wfn/fsb.go#L45-L81 and the associated tests https://github.com/fleetdm/fleet/blob/main/server/vulnerabilities/nvd/tools/wfn/fsb_test.go#L22
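To make the mismatch in this issue concrete, here is an added example (not Fleet's fsb.go, and not code from anyone in this thread) that parses a CPE 2.3 formatted string binding and shows that the product attribute is `cli` while the installed binary is `gh`; the `productAliases` map and the `Matches` helper are assumptions constructed for illustration, not Fleet's real translation table.

```go
package main

import (
	"fmt"
	"strings"
)

// CPE holds the first attributes of a CPE 2.3 formatted string binding:
// cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other
type CPE struct {
	Part, Vendor, Product, Version string
}

// ParseCPE splits a formatted string binding into its attributes.
// Assumption for this example: escaped colons (`\:`) do not occur in the input.
func ParseCPE(s string) (CPE, error) {
	fields := strings.Split(s, ":")
	if len(fields) != 13 || fields[0] != "cpe" || fields[1] != "2.3" {
		return CPE{}, fmt.Errorf("not a CPE 2.3 formatted string binding: %q", s)
	}
	return CPE{Part: fields[2], Vendor: fields[3], Product: fields[4], Version: fields[5]}, nil
}

// productAliases maps an installed binary name to the product name used in the
// NVD CPE. The gh -> cli entry is the case from this issue (constructed example).
var productAliases = map[string]string{
	"gh": "cli",
}

// Matches reports whether installed software (vendor + binary name) is covered
// by the CPE, first by exact product name and then via the alias table.
// Version matching is deliberately ignored here to keep the example focused.
func Matches(cpe CPE, vendor, name string) bool {
	if cpe.Vendor != "*" && cpe.Vendor != vendor {
		return false
	}
	if cpe.Product == "*" || cpe.Product == name {
		return true
	}
	alias, ok := productAliases[name]
	return ok && alias == cpe.Product
}

func main() {
	cpe, err := ParseCPE("cpe:2.3:a:github:cli:*:*:*:*:*:*:*:*")
	if err != nil {
		panic(err)
	}
	fmt.Println("exact product match for gh:", cpe.Product == "gh") // false: product is "cli"
	fmt.Println("match via alias table:", Matches(cpe, "github", "gh")) // true
}
```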

@nonpunctual
Contributor Author

Customer also posted this PR related to this issue: github/advisory-database#5027
